CVE-2000-1238 | Vulnerability Database | Aqua Security

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	5.1 (including)	5.1 (including)
Weblogic_server	Bea	5.1-sp1 (including)	5.1-sp1 (including)
Weblogic_server	Bea	5.1-sp2 (including)	5.1-sp2 (including)
Weblogic_server	Bea	5.1-sp3 (including)	5.1-sp3 (including)
Weblogic_server	Bea	5.1-sp4 (including)	5.1-sp4 (including)
Weblogic_server	Bea	5.1-sp5 (including)	5.1-sp5 (including)
Weblogic_server	Bea	5.1-sp6 (including)	5.1-sp6 (including)

References

ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip
http://www.securityfocus.com/bid/5089
https://exchange.xforce.ibmcloud.com/vulnerabilities/5588
ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip
http://www.securityfocus.com/bid/5089
https://exchange.xforce.ibmcloud.com/vulnerabilities/5588

NVD	https://nvd.nist.gov/vuln/detail/CVE-2000-1238
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html